VPN

Mirela · November 7, 2019, 9:20pm

How can I configure VPN passthrough on RB2011Ui.
I have VPN server and it works great when I connect from WAN, if want to connect from LAN it doesn’t want to connect.
VPN is standalone server not on mikrotik.
All I want is that VPN traffic is passthrough Mikrotik even if connection is made from LAN.

Thanks

Zacharias · November 8, 2019, 10:07am

VPN type ?
Can you provide a simple diagram of the network?

erlinden · November 8, 2019, 10:15am

Why don’t you just resolve your VPN server to your private IP address (of the VPN server) instead of the public IP address? Or connect to the VPN server on (private) IP address? I assume this is only for testing purposes?

Mirela · November 8, 2019, 3:05pm

Hi,

VPN is IKEv2 on Strongswan running debian. I want to enable vpn passthrough so I can have VPN connection enabled even when phones and laptops are in home network. Now I need to manually enable vpn every time I am outside of the office.

Mikrotik have IP 192.168.1.1
VPN server 192.168.1.5
Pool for VPN clients is 192.168.1.10 to 192.168.1.50
On Mikrotik is enabled port forwarding from eth1 to 192.168.1.5 on ports 500 and 4500.
On eth1 is modem.

mf761 · November 9, 2019, 4:44am

Hi,
For getting the traffic to your VPN server beeing routed correct you need dstnat of your VPN ports to the address type local to your VPN server and also a srcnat masquerade of the outinterface of the bridge.

that should work

but the question is, why do you want to connect to your local VPN from the same local network, or is behind that VPN another network?
VPN you use to connect from the WAN with a secure channel to your private network!

br
michael

gkk · November 9, 2019, 5:53pm

Maybe this https://wiki.mikrotik.com/wiki/Hairpin_NAT